
MS11-053: Vulnerability in the Bluetooth stack could allow remote code execution

The single Critical vulnerability in today’s batch of security updates addresses an issue in the Windows Bluetooth stack. How exposed a given workstation is to this vulnerability depends on a number of factors, and I’d like to use this blog post to walk through those risk factors.

How can I protect my system?

The best way to protect any potentially vulnerable system is to apply the MS11-053 security update. If you are not able to apply the security update, you can close off the attack surface by preventing any Bluetooth device from connecting to your computer. The graphic below shows the Windows 7 Bluetooth Settings option for doing so (on the Options tab, clear “Allow Bluetooth devices to connect to this computer”). Side effect: your Bluetooth mouse or headset will stop working until you re-allow Bluetooth devices to connect to your computer.

Am I vulnerable to remote code execution attacks today?

Short answer: Probably not. And here’s why:

Exploitability : First, we assigned this vulnerability an Exploitability Index rating of “2” (inconsistent exploit code likely). We believe it will be difficult to build a reliable exploit for code execution using this vulnerability. It’s more likely that attackers will find a way to cause a system denial-of-service (“bugcheck” / “bluescreen”) using it.

Discoverability : Secondly, your system’s 48-bit Bluetooth device address is not “discoverable” by default. Notice in the Bluetooth Settings screenshot above that Bluetooth devices are not allowed by default to “find” this computer. If your system were “discoverable,” it would answer an attacker’s inquiry (the device-discovery scan that precedes any SDP service query) with its Bluetooth address. But in the default state, an attacker must obtain your Bluetooth address another way – either by brute-forcing it or by extracting it from Bluetooth traffic captured over-the-air.

Extracting Bluetooth address by sniffing traffic : If you have paired a Bluetooth peripheral and are actively communicating, it is hard but not impossible to extract the Bluetooth address from the traffic sent over-the-air. Commercial sniffing hardware costing $10,000 - $30,000 can do this in about 5 minutes. Research continues to advance in this space, and we expect that in years to come this will become quicker and cheaper for attackers. For now, though, it remains difficult.

Proximity : Finally, while this vulnerability is exposed remotely, it is not reachable over the Internet. An attacker must be physically nearby to target you. Recent research has widened the definition of “nearby” for Bluetooth (directional antennas stretch the range well beyond the nominal tens of meters), but the attacker still has to be within radio range of your system. This nearby attacker could then spend several hours brute-forcing your Bluetooth address and attempting to exploit the vulnerability.

Taken together, these factors lead us to believe that systems are unlikely to be exposed to reliable remote code execution exploits for this vulnerability in the next 30 days.

Thanks to Krupa Poobala-chandran from the Windows Sustained Engineering team for the help yesterday afternoon pulling this blog post together.

- Jonathan Ness, MSRC Engineering
